secp256k1_params.sage - csecp256k1 - Haskell FFI bindings to bitcoin-core/secp256k1 (docs.ppad.tech/csecp256k1).

secp256k1_params.sage (1023B)

      1 """Prime order of finite field underlying secp256k1 (2^256 - 2^32 - 977)"""
      2 P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
      3 
      4 """Finite field underlying secp256k1"""
      5 F = FiniteField(P)
      6 
      7 """Elliptic curve secp256k1: y^2 = x^3 + 7"""
      8 C = EllipticCurve([F(0), F(7)])
      9 
     10 """Base point of secp256k1"""
     11 G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
     12 if int(G[1]) & 1:
     13     # G.y is even
     14     G = -G
     15 
     16 """Prime order of secp256k1"""
     17 N = C.order()
     18 
     19 """Finite field of scalars of secp256k1"""
     20 Z = FiniteField(N)
     21 
     22 """ Beta value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)"""
     23 BETA = F(2)^((P-1)/3)
     24 
     25 """ Lambda value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)"""
     26 LAMBDA = Z(3)^((N-1)/3)
     27 
     28 assert is_prime(P)
     29 assert is_prime(N)
     30 
     31 assert BETA != F(1)
     32 assert BETA^3 == F(1)
     33 assert BETA^2 + BETA + 1 == 0
     34 
     35 assert LAMBDA != Z(1)
     36 assert LAMBDA^3 == Z(1)
     37 assert LAMBDA^2 + LAMBDA + 1 == 0
     38 
     39 assert Integer(LAMBDA)*G == C(BETA*G[0], G[1])

	csecp256k1 Haskell FFI bindings to bitcoin-core/secp256k1 (docs.ppad.tech/csecp256k1).
	git clone git://git.ppad.tech/csecp256k1.git
	Log \| Files \| Refs \| README \| LICENSE